<?php
session_start();
include "../php/config.php";
include "../php/anti_injection.php";
include "../php/get_ip.php";
$username = anti_injection($_POST["username"]);
$password = anti_injection($_POST["password"]);
$username_md5 = md5($username);
$check_username = mysql_num_rows(mysql_query("SELECT * FROM muser WHERE vcMD5UserID = '$username_md5' AND intStatus = 1"));
if($check_username > 0)
{
	$password_md5 = md5($password);
	$get_user = mysql_query("SELECT * FROM muser WHERE vcMD5UserID = '$username_md5' AND vcMD5Password = '$password_md5' AND intStatus = 1");
	$check_password = mysql_num_rows($get_user);
	if($check_password > 0)
	{
		$r = mysql_fetch_array($get_user);
		$_SESSION["login.id"]		= $r["intNomor"];
		$_SESSION["login.username"]	= $r["vcMD5UserID"];
		$_SESSION["login.password"]	= $r["vcMD5Password"];
		$_SESSION["login.name"]		= $r["vcNama"];
		$_SESSION["login.group"]	= $r["intNomorMHUserGroup"];
		$ip = get_ip();
		mysql_query("INSERT INTO web_login (user_id,ip_address,login_page) VALUES ('".$r["intNomor"]."','$ip',0)");
		die("<meta http-equiv='refresh' content='0;URL=media.php'>");
	}
	else
		$_SESSION["login.warning"] = "Login Gagal: password tidak cocok";
}
else
	$_SESSION["login.warning"] = "Login Gagal: username tidak terdaftar";
die("<meta http-equiv='refresh' content='0;URL=index.php'>");
?>